Cybercriminals Roll Out New Ad Campaign Targeting Users On Facebook

A new security alert warns of cybercriminals targeting page admins and users on Facebook.

These threat actors have launched a new campaign that exploits Meta’s ads to make it look legitimate. In reality, they are using infostealer software that hijacks user accounts and personal data.

The news comes from Bitdefender, which revealed how the ongoing attack focuses on famous brands like Netflix, CapCut, and others on a large scale. At the campaign’s heart is the SYS01 malware, which is seen across various Meta platforms.

The malvertising campaign has been wreaking havoc across Facebook for nearly a month now and continues to evolve. New ads pop up each day, as the researchers confirm in their report.


The cybercriminals run ads that copy famous software tools. One of them looked so real that viewers were lured into believing it was really Netflix, so they signed up to stream without ads. Other ads promise better productivity or promote picture editing tools. The same goes for VPNs, instant messaging networks, and video games.

Some ads run for a long time, up to weeks. Most of them contain links that direct users to cloud storage or straight to a questionable link that downloads more malware onto the system. Most of the files are ZIP archives containing Electron apps, which are cross-platform applications built with CSS, JavaScript, and similar web technologies. The malware code sits inside the app, and once dropped, it executes dangerous commands.

In most cases, the malware runs in the background behind a decoy app that usually mimics the software promoted in the ad. The decoy seems to function normally, which makes it hard for victims to realize they have been compromised. The chain includes several steps to hide from security tools, as the goal is for the malware to steal Facebook accounts. This is especially true for business pages that promote sales. The attackers can even update commands in real time.

The advanced techniques used to keep the malware hidden are certainly worrisome. They include sandbox detection. When a company or cybersecurity expert realizes that a threat is present, the attackers swiftly alter the malware’s code. After that, they generate more ads with the new malware, and the process repeats.
